User Tools

Site Tools


ipw2200_generic

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revision Both sides next revision
ipw2200_generic [2007/08/29 18:47]
drio weird character + hint when fails
ipw2200_generic [2008/05/09 23:55]
netrolller3d Even more spelling / "englishment" work.
Line 109: Line 109:
  
        # ifconfig eth1 up hw ether 00:11:22:33:44:55        # ifconfig eth1 up hw ether 00:11:22:33:44:55
 +
  
  
Line 119: Line 120:
        # iwconfig eth1 essid <ESSID> channel <#> key s:fakekey mode managed        # iwconfig eth1 essid <ESSID> channel <#> key s:fakekey mode managed
  
-Due to some limitations with the firmware we have to force a fakekey and set managed mode to ensure the airdump-ng tools work properly.+Due to some limitations with the firmware we have to force a fakekey and set managed mode to ensure the aircrack-ng tools work properly.
  
 ESSID is the name of the wireless network of our target AP. Channel is the wireless channel. ESSID is the name of the wireless network of our target AP. Channel is the wireless channel.
Line 154: Line 155:
  
 If the attack fails, try to rerun the command again ommiting the "-h <AP MAC>" parameter. If the attack fails, try to rerun the command again ommiting the "-h <AP MAC>" parameter.
 +
 +
 +
 +
 +
  
  
Line 162: Line 168:
  
 Now we will create an arp-request packet using the aquired keysteam file. The "-l" and "-k" options are the source IP and destination IP.  Now we will create an arp-request packet using the aquired keysteam file. The "-l" and "-k" options are the source IP and destination IP. 
-They can be any valid IP. The destination can be the gateway (router IP) but the attack run faster if it is an arbitrary IP. This can be run  +If you use valid destination IPs then you will be running an [[arp_amplification|amplification attack]]. This can be run in the same window  
-in the same window we run the chopchop attack:+we run the chopchop attack:
        
-       # packetforge-ng -0 -a <AP MAC> -h 00:11:22:33:44:55 -k 192.168.1.100 -l 192.168.1.101 -y replay_dec-####.xor -w arp-request+     # packetforge-ng -0 -a <AP MAC> -h 00:11:22:33:44:55 -k 192.168.1.100 -l 192.168.1.101 -y replay_dec-####.xor -w arp-request
  
  
Line 183: Line 189:
  
  
- 
-===== Wait to gather enough IVs ===== 
- 
-We have to wait now so airodump-ng gathers enough data (enough IVs) so we can run airocrack-ng.  
-How many packages we need so airocrack-ng cracks the wep key? It depends. The version of  
-airocrack-ng that comes with backtrack2 is not the lastest one. There have been a lot of improvements in recent versions  
-that have reduced the number of IVs needed. In my experience, I have found 300k (data output) is more than enough. 
  
  
  
 +===== Wait to gather enough IVs =====
  
 +We have to wait now so airodump-ng gathers enough data (enough IVs) so we can run aircrack-ng. 
 +How many packages we need so aircrack-ng cracks the wep key? It depends. The version of 
 +aircrack-ng that comes with backtrack2 is not the latest one so we need around 1.000.000 of IVs.
 +If we are using the latest version (0.9 and up) 100.000 is enough.
  
  
Line 201: Line 205:
 In another window we launch: In another window we launch:
  
-      # aircrack-ng dump*.cap+      # aircrack-ng -z dump*.cap
  
-Depending the number of packages you have gathered, this may take some minutes or you may get the key inmediately.+Depending the number of packages you have gathered, this may take some minutes or you may get the key immediately. 
 +The -z argument tells aircrack-ng to also try the PTW attack. If you version of aircrack-ng doesn't support it, just 
 +omit it.
  
 === NOTE: === === NOTE: ===
ipw2200_generic.txt · Last modified: 2009/09/26 14:27 by darkaudax